The Hacker News
- DeepSeek App Transmits Sensitive User and Device Data Without Encryption by info@thehackernews.com (The Hacker News) on February 7, 2025 at 2:58 pm
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability by info@thehackernews.com (The Hacker News) on February 7, 2025 at 12:52 pm
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could
- AI-Powered Social Engineering: Reinvented Threats by info@thehackernews.com (The Hacker News) on February 7, 2025 at 11:10 am
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks:
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks by info@thehackernews.com (The Hacker News) on February 7, 2025 at 11:01 am
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET
- India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud by info@thehackernews.com (The Hacker News) on February 7, 2025 at 10:32 am
India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware by info@thehackernews.com (The Hacker News) on February 7, 2025 at 5:19 am
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking by info@thehackernews.com (The Hacker News) on February 6, 2025 at 2:34 pm
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles
- Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023 by info@thehackernews.com (The Hacker News) on February 6, 2025 at 2:03 pm
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined,
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images by info@thehackernews.com (The Hacker News) on February 6, 2025 at 11:32 am
A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,
- The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025 by info@thehackernews.com (The Hacker News) on February 6, 2025 at 11:20 am
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials by info@thehackernews.com (The Hacker News) on February 6, 2025 at 11:05 am
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document.
- Top 3 Ransomware Threats Active in 2025 by info@thehackernews.com (The Hacker News) on February 6, 2025 at 11:00 am
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc by info@thehackernews.com (The Hacker News) on February 6, 2025 at 7:40 am
Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote
- Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign by info@thehackernews.com (The Hacker News) on February 5, 2025 at 2:55 pm
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
- Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts by info@thehackernews.com (The Hacker News) on February 5, 2025 at 1:03 pm
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public
- Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks by info@thehackernews.com (The Hacker News) on February 5, 2025 at 12:46 pm
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report
- New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack by info@thehackernews.com (The Hacker News) on February 5, 2025 at 12:16 pm
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code
- Navigating the Future: Key IT Vulnerability Management Trends by info@thehackernews.com (The Hacker News) on February 5, 2025 at 11:00 am
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams
- AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks by info@thehackernews.com (The Hacker News) on February 5, 2025 at 9:40 am
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. "It allows attackers to control infected systems
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 by info@thehackernews.com (The Hacker News) on February 5, 2025 at 5:05 am
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized